package cn.zero.security.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import cn.zero.security.core.mobile.MobileAuthenticationSecurityConfig;
import cn.zero.security.validate.core.ValidateCodeSecurityConfig;

@Configuration
public class AppWebSecurityConfig extends WebSecurityConfigurerAdapter {

	@Autowired
	private ValidateCodeSecurityConfig validateCodeSecurityConfig;

	@Autowired
	private MobileAuthenticationSecurityConfig mobileSecurityConfig;
	
	@Override
	public void configure(WebSecurity web) throws Exception {
		web.ignoring().antMatchers("/img/**.png");
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.apply(validateCodeSecurityConfig);
		http.apply(mobileSecurityConfig);
		http.formLogin().loginPage("/login").loginProcessingUrl("/login").and().csrf().disable();
		http.authorizeRequests().antMatchers("/login", "/signUp", "/code/image", "/api/wechat/*").permitAll().anyRequest().authenticated();
	}

}
